How SEBI is enhancing investor security with new mandates

Leaving no room for impersonation or trade fraud in a technology-first, investment-friendly environment in India, the Securities and Exchange Board of India (SEBI) introduced the latest reforms to modernize market infrastructure with stronger compliance and digital safety.

At the core of this modernization is passwordless authentication—India's cutting-edge response to the growing threat of cyberattacks in the trading ecosystem.

With a goal to reduce unauthorized access, SEBI's key measures include SIM-binding, biometric verification, QR-code-based logins, temporary account lock, and centralized call-and-trade systems. By eliminating traditional passwords and OTPs, passwordless authentication through SIM-binding and biometrics simplifies user experience by eliminating passwords and OTPs and thus, delivers uncompromising security.

Growing Imperative for Passwordless Security

In the first half of 2024, over 135,000 phishing incidents in the Indian financial sector were reported—indicating a 175% increase when compared against the same period in the year 2023, according to a Kaspersky report. India's financial market, dominated by mobile users and real-time access, is especially vulnerable to fraud schemes like SIM-swap attacks that bypass traditional two-factor authentication relying on SMS-driven One Time Passwords (OTPs).

Passwordless authentication directly addresses these threats by shifting security away from passwords to a trusted device and SIM by ascertaining who you are via biometric identity. This multi-layered, device-bound model drastically reduces the attack surface, making unauthorized access far more difficult.

Top 5 Industry Indications: India's Passwordless Trading Shift

1. Widespread Adoption of Biometric Authentication: Trading platforms are integrating fingerprint and facial recognition to replace passwords, leveraging mobile devices' native biometric capabilities for secure, user-friendly logins.
2. Device and SIM Binding for Enhanced Security: Accounts are increasingly linked to a single registered device and SIM card, preventing unauthorized access even if credentials are compromised elsewhere.
3. QR Code-Based Desktop Logins: To extend Passwordless access beyond mobile, brokers are implementing QR code scanning for desktop sessions, tying desktop access securely to the verified mobile device.
4. Real-Time Session Monitoring and Control: Investors gain transparency and control by being able to view and terminate active sessions instantly, enabling quicker response to suspicious activity.
5. Regulatory Push of Standardisation: SEBI's mandate is encouraging uniform security standards across brokers, ensuring consistent and robust Passwordless authentication adoption throughout India's trading ecosystem.

Enhancing UX: Gaining Consumer Trust

Beyond security, passwordless systems offer a smoother, faster login User Experience (UX). Traders no longer need to remember complex passwords or wait for OTPs; biometric scans and device recognition streamline access while maintaining strong safeguards.

In fact, real-time session monitoring, another key feature, empowers users to detect and terminate suspicious activity immediately. For India's rapidly growing retail investor base (many of whom are first-time traders), this provides financial inclusion with transparency and control never before possible with conventional logins.

Future Outlook: India is now on the global financial trajectory

A good move for all—embedding passwordless authentication to log in to the fabric of Indian capital markets, there is enhancement in domestic investor protection. By moving beyond passwords to a model rooted in biometrics and device trust - India's positioning is indeed gaining trust and newfound strength in the emerging economies' digital finance segment.

[Disclaimer: This is an authored article by Siddharth Gandhi, COO- Asia Pacific, 1Kosmos. Views expressed are author's own]